net/http: preserve nil values in Header.Clone

ReverseProxy makes a distinction between nil and zero-length header values. Avoid losing nil-ness when cloning a request. Thanks to Christian Mehlmauer for discovering this. Fixes #53423 Fixes CVE-2022-32148 Change-Id: Ice369cdb4712e2d62e25bb881b080847aa4801f5 Reviewed-on: https://go-review.googlesource.com/c/go/+/412857 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2025-12-08 06:10:04 +00:00 · 2022-06-17 10:09:45 -07:00 · 2022-06-17 10:09:45 -07:00 · b2cc0fecc2
commit b2cc0fecc2
parent 64ef16e777
2 changed files with 11 additions and 0 deletions
--- a/src/net/http/header.go
+++ b/src/net/http/header.go
@ -103,6 +103,12 @@ func (h Header) Clone() Header {
 	sv := make([]string, nv) // shared backing array for headers' values
 	h2 := make(Header, len(h))
 	for k, vv := range h {
 		if vv == nil {
 			// Preserve nil values. ReverseProxy distinguishes
 			// between nil and zero-length header values.
 			h2[k] = nil
 			continue
 		}
 		n := copy(sv, vv)
 		h2[k] = sv[:n:n]
 		sv = sv[n:]
--- a/src/net/http/header_test.go
+++ b/src/net/http/header_test.go
@ -248,6 +248,11 @@ func TestCloneOrMakeHeader(t *testing.T) {
 			in:   Header{"foo": {"bar"}},
 			want: Header{"foo": {"bar"}},
 		},
 		{
 			name: "nil value",
 			in:   Header{"foo": nil},
 			want: Header{"foo": nil},
 		},
 	}
 	for _, tt := range tests {